[Free] 2018(Jan) Dumps4cert Examcollection ECCouncil 312-38 Dumps with VCE and PDF 151-160


EC-Council Network Security Administrator (ENSA)

Question No: 151 – (Topic 2)

Which of the following steps will NOT make a server fault tolerant? Each correct answer represents a complete solution. Choose two.

  A. Adding a second power supply unit

  B. Performing regular backup of the server

  C. Adding one more same sized disk as mirror on the server

  D. Implementing cluster servers facility

  E. Encrypting confidential data stored on the server

Answer: B,E

Explanation:

Encrypting confidential data stored on the server and performing regular backup will not make the server fault tolerant.

Fault tolerance is the ability to continue work when a hardware failure occurs on a system. A fault-tolerant system is designed from the ground up for reliability by building multiples of all critical components, such as CPUs, memories, disks and power supplies into the same computer. In the event one component fails, another takes over without skipping a beat.

Answer options A, C, and D are incorrect. The following steps will make the server fault tolerant:

Adding a second power supply unit

Adding one more same sized disk as a mirror on the server

Implementing cluster servers facility

Question No: 152 – (Topic 2)

This is a Windows-based tool that is used for the detection of wireless LANs using the IEEE 802.11a, 802.11b, and 802.11g standards. The main features of these tools are as follows:

It displays the signal strength of a wireless network, MAC address, SSID, channel details, etc.

It is commonly used for the following purposes:

  a. War driving

  b. Detecting unauthorized access points

  c. Detecting causes of interference on a WLAN

  d. WEP ICV error tracking

  e. Making Graphs and Alarms on 802.11 Data, including Signal Strength

This tool is known as __________.

  A. Kismet

  B. Absinthe

  C. THC-Scan

  D. NetStumbler

Answer: D

Explanation:

NetStumbler is a Windows-based tool that is used for the detection of wireless LANs using the IEEE 802.11a, 802.11b, and 802.11g standards. The main features of NetStumbler are as follows:

It displays the signal strength of a wireless network, MAC address, SSID, channel details, etc.

It is commonly used for the following purposes:

  a. War driving

  b. Detecting unauthorized access points

  c. Detecting causes of interference on a WLAN

  d. WEP ICV error tracking

  e. Making Graphs and Alarms on 802.11 Data, including Signal Strength

Answer option A is incorrect. Kismet is an IEEE 802.11 layer 2 wireless network detector, sniffer, and intrusion detection system.

Answer option C is incorrect. THC-Scan is a war-dialing tool.

Answer option B is incorrect. Absinthe is an automated SQL injection tool.

Question No: 153 – (Topic 2)

Which of the following are the common security problems involved in communications and email? Each correct answer represents a complete solution. Choose all that apply.

  A. False message

  B. Message digest

  C. Message replay

  D. Message repudiation

  E. Message modification

  F. Eavesdropping

  G. Identity theft

Answer: A,C,D,E,F,G

Explanation:

Following are the common security problems involved in communications and email:

Eavesdropping: It is the act of secretly listening to private information through telephone lines, e-mail, instant messaging, and any other method of communication considered private.

Identity theft: It is the act of obtaining someone's username and password to access his/her email servers for reading email and sending false email messages. These credentials can be obtained by eavesdropping on SMTP, POP, IMAP, or Webmail connections.

Message modification: The person who has system administrator permission on any of the SMTP servers can visit anyone's message and can delete or change the message before it continues on to its destination. The recipient has no way of telling that the email message has been altered.

False message: It is the act of constructing messages that appear to be sent by someone else.

Message replay: In a message replay, messages are modified, saved, and re-sent later.

Message repudiation: In message repudiation, normal email messages can be forged. There is no way for the receiver to prove that someone had sent him/her a particular message. This means that even if someone has sent a message, he/she can successfully deny it.

Answer option B is incorrect. A message digest is a number that is created algorithmically from a file and represents that file uniquely.

Question No: 154 – (Topic 2)

Which of the following are the six different phases of the Incident handling process? Each correct answer represents a complete solution. Choose all that apply.

  A. Containment

  B. Identification

  C. Post mortem review

  D. Preparation

  E. Lessons learned

  F. Recovery

  G. Eradication

Answer: A,B,D,E,F,G

Explanation:

Following are the six different phases of the Incident handling process:

  1. Preparation: Preparation is the first step in the incident handling process. It includes processes like backing up copies of all key data on a regular basis, monitoring and updating software on a regular basis, and creating and implementing a documented security policy. To apply this step a documented security policy is formulated that outlines the responses to various incidents, as a reliable set of instructions during the time of an incident. The following list contains items that the incident handler should maintain in the preparation phase i.e. before an incident occurs:

    Establish applicable policies

    Build relationships with key players

    Build response kit

    Create incident checklists

    Establish communication plan

    Perform threat modeling

    Build an incident response team

    Practice the demo incidents

  2. Identification: The Identification phase of the Incident handling process is the stage at which the Incident handler evaluates the critical level of an incident for an enterprise or system. It is an important stage where the distinction between an event and an incident is determined, measured and tested.

  3. Containment: The Containment phase of the Incident handling process supports and builds up the incident combating process. It helps in ensuring the stability of the system and also confirms that the incident does not get any worse.

  4. Eradication: The Eradication phase of the Incident handling process involves the cleaning-up of the identified harmful incidents from the system. It includes the analyzing of the information that has been gathered for determining how the attack was committed. To prevent the incident from happening again, it is vital to recognize how it was carried out so that a prevention technique is applied.

  5. Recovery: Recovery is the fifth step of the incident handling process. In this phase, the Incident Handler places the system back into the working environment. In the recovery phase the Incident Handler also works with the questions to validate that the system recovery is successful. This involves testing the system to make sure that all the processes and functions are working normally. The Incident Handler also monitors the system to make sure that the systems are not compromised again. It looks for additional signs of attack.

  6. Lessons learned: Lessons learned is the sixth and the final step of the incident handling process. The Incident Handler utilizes the knowledge and experience he learned during the handling of the incident to enhance and improve the incident-handling process. This is the most ignored step of all incident handling processes. Many times the Incident Handlers are relieved to have systems back to normal and get busy trying to catch up on other unfinished work. The Incident Handler should make documents related to the incident or look for ways to improve the process.

Answer option C is incorrect. The post mortem review is one of the phases of the Incident response process.

Question No: 155 – (Topic 2)

Which of the following steps of the OPSEC process examines each aspect of the planned operation to identify OPSEC indicators that could reveal critical information and then compare those indicators with the adversary's intelligence collection capabilities identified in the previous action?

  A. Analysis of Threats

  B. Application of Appropriate OPSEC Measures

  C. Identification of Critical Information

  D. Analysis of Vulnerabilities

  E. Assessment of Risk

Answer: D

Explanation:

OPSEC is a 5-step process that helps in developing protection mechanisms in order to safeguard sensitive information and preserve essential secrecy.

The OPSEC process has five steps, which are as follows:

  1. Identification of Critical Information: This step includes identifying information vitally needed by an adversary, which focuses the remainder of the OPSEC process on protecting vital information, rather than attempting to protect all classified or sensitive unclassified information.

  2. Analysis of Threats: This step includes the research and analysis of intelligence, counter-intelligence, and open source information to identify likely adversaries to a planned operation.

  3. Analysis of Vulnerabilities: It includes examining each aspect of the planned operation to identify OPSEC indicators that could reveal critical information and then comparing those indicators with the adversary's intelligence collection capabilities identified in the previous action.

  4. Assessment of Risk: Firstly, planners analyze the vulnerabilities identified in the previous action and identify possible OPSEC measures for each vulnerability. Secondly, specific OPSEC measures are selected for execution based upon a risk assessment done by the commander and staff.

  5. Application of Appropriate OPSEC Measures: The command implements the OPSEC measures selected in the assessment of risk action or, in the case of planned future operations and activities, includes the measures in specific OPSEC plans.

Question No: 156 – (Topic 2)

Which of the following statements are true about an IPv6 network? Each correct answer represents a complete solution. Choose all that apply.

  A. For interoperability, IPv4 addresses use the last 32 bits of IPv6 addresses.

  B. It increases the number of available IP addresses.

  C. It uses longer subnet masks than those used in IPv4.

  D. It provides improved authentication and security.

  E. It uses 128-bit addresses.

Answer: A,B,D,E

Explanation:

IP addressing version 6 (IPv6) is the latest version of IP addressing. IPv6 is designed to solve many of the problems that were faced by IPv4, such as address depletion, security, auto-configuration, and extensibility. With the fast increasing number of networks and the expansion of the World Wide Web, the allotted IP addresses are depleting rapidly, and the need for more network addresses is arising. IPv6 solves this problem, as it uses a 128-bit address that can produce a lot more IP addresses. These addresses are hexadecimal numbers, made up of eight octet pairs. An example of an IPv6 address is 45CF:6D53:12CD:AFC7:E654:BB32:543C:FACE.

Answer option C is incorrect. The subnet masks used in IPv6 addresses are of the same length as those used in IPv4 addresses.

Question No: 157 – (Topic 2)

Which of the following representatives in the incident response process are included in the incident response team? Each correct answer represents a complete solution. Choose all that apply.

  A. Legal representative

  B. Lead investigator

  C. Information security representative

  D. Technical representative

  E. Sales representative

  F. Human resources

Answer: A,B,C,D,F

Explanation:

Incident response is a process that detects a problem, determines the cause of an issue, minimizes the damages, resolves the problem, and documents each step of the process for future reference. To perform all these roles, an incident response team is needed. The incident response team includes the following representatives who are involved in the incident response process:

Lead investigator: The lead investigator is the manager of an incident response team. He is always involved in the creation of an incident response plan. The duties of a lead investigator are as follows:

Keep the management updated.

Ensure that the incident response moves smoothly and efficiently.

Interview and interrogate the suspects and witnesses.

Information security representative: The information security representative is a member of the incident response team who alerts the team about possible security safeguards that can impact their ability to respond to an incident.

Legal representative: The legal representative is a member of the incident response team who ensures that the process follows all the laws during the response to an incident.

Technical representative: Technical representative is a representative of the incident response team. More than one technician can be deployed to an incident. The duties of a technical representative are as follows:

Perform forensic backups of the systems that are involved in an incident.

Human resources: Human resources personnel ensure that the policies of the organization are enforced during the incident response process. They suspend access to a suspect if it is needed. Human resources personnel are closely related with the legal representatives and cover up the organization's legal responsibility.

Answer option E is incorrect. This is an invalid option.

Question No: 158 – (Topic 2)

Which of the following is designed to detect the unwanted presence of fire by monitoring environmental changes associated with combustion?

  A. Gaseous fire suppression

  B. Fire sprinkler

  C. Fire suppression system

  D. Fire alarm system

Answer: D

Explanation:

An automatic fire alarm system is designed for detecting the unwanted presence of fire by monitoring environmental changes associated with combustion. In general, a fire alarm system is classified as either automatically actuated, manually actuated, or both. Automatic fire alarm systems are intended to notify the building occupants to evacuate in the event of a fire or other emergency, to report the event to an off-premises location in order to summon emergency services, and to prepare the structure and associated systems to control the spread of fire and smoke.

Answer option C is incorrect. A fire suppression system is used in conjunction with smoke detectors and fire alarm systems to improve and increase public safety.

Answer option A is incorrect. Gaseous fire suppression is a term to describe the use of inert gases and chemical agents to extinguish a fire.

Answer option B is incorrect. A fire sprinkler is the part of a fire sprinkler system that discharges water when the effects of a fire have been detected, such as when a predetermined temperature has been reached.

Question No: 159 – (Topic 2)

Which of the following features is used to generate spam on the Internet by spammers and worms?

  A. AutoComplete

  B. SMTP relay

  C. Server Message Block (SMB) signing

  D. AutoFill

Answer: B

Explanation:

The SMTP relay feature of e-mail servers allows them to forward e-mail to other e-mail servers. Unfortunately, this feature is exploited by spammers and worms to generate spam on the Internet.

Question No: 160 – (Topic 2)

Which of the following tools is described below? It is a set of tools that are used for sniffing passwords, e-mail, and HTTP traffic. Some of its tools include arpredirect, macof, tcpkill, tcpnice, filesnarf, and mailsnarf. It is highly effective for sniffing both switched and shared networks. It uses the arpredirect and macof tools for switching across switched networks. It can also be used to capture authentication information for FTP, telnet, SMTP, HTTP, POP, NNTP, IMAP, etc.

  A. Dsniff

  B. Cain

  C. Libnids

  D. LIDS

Answer: A

Explanation:

Dsniff is a set of tools that are used for sniffing passwords, e-mail, and HTTP traffic. Some of the tools of Dsniff include dsniff, arpredirect, macof, tcpkill, tcpnice, filesnarf, and mailsnarf. Dsniff is highly effective for sniffing both switched and shared networks. It uses the arpredirect and macof tools for switching across switched networks. It can also be used to capture authentication information for FTP, telnet, SMTP, HTTP, POP, NNTP, IMAP, etc.

Answer option B is incorrect. Cain is a multipurpose tool that can be used to perform many tasks such as Windows password cracking, Windows enumeration, and VoIP session sniffing. This password cracking program can perform the following types of password cracking attacks:

Dictionary attack

Brute force attack

Rainbow attack

Hybrid attack

Answer options D and C are incorrect. These tools are port scan detection tools that are used in the Linux operating system.
